audioscrobbler password saved as plaintext in gconf
Bug #42686 reported by
Kevin J Brown
This bug affects 9 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Rhythmbox |
Expired
|
Low
|
|||
rhythmbox (Ubuntu) |
Fix Released
|
Medium
|
Ubuntu Desktop Bugs |
Bug Description
When saving a password for audioscrobbler, it is saved in .gconf unencoded. It appears in
/home/kevinly/
I realize that you should use different password for different websites, but some may inadvertantly set the user's (and thus su) password for their audioscrobbler password.
A better option would be to store the md5 of the password instead since that is all last.fm requires for authorization. An optimal solution may be to use gnome-keyring instead of gconf.
Changed in rhythmbox: | |
status: | Unknown → Unconfirmed |
Changed in rhythmbox: | |
assignee: | michael → nobody |
Changed in rhythmbox: | |
assignee: | nobody → desktop-bugs |
status: | Confirmed → Triaged |
Changed in rhythmbox (Ubuntu): | |
status: | Confirmed → Triaged |
tags: | added: patch-forwarded-upstream |
Changed in rhythmbox: | |
importance: | Unknown → Low |
Changed in rhythmbox: | |
status: | New → Expired |
To post a comment you must log in.
Agreed, rhythmbox should use the gnome keyring to store passwords.